You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Ken Giusti (JIRA)" <ji...@apache.org> on 2016/05/16 20:25:13 UTC

[jira] [Created] (PROTON-1199) A soft link within the Go subdirectory causes fatal sandbox errors

Ken Giusti created PROTON-1199:
----------------------------------

             Summary: A soft link within the Go subdirectory causes fatal sandbox errors
                 Key: PROTON-1199
                 URL: https://issues.apache.org/jira/browse/PROTON-1199
             Project: Qpid Proton
          Issue Type: Bug
          Components: go-binding
    Affects Versions: 0.12.2, 0.11.1, 0.13.0
         Environment: python distutils
            Reporter: Ken Giusti
            Assignee: Alan Conway
            Priority: Blocker
             Fix For: 0.13.0


Attempting to use a package dependency on python-qpid-proton from within a setup.py will fail.   This prevents pyngus from using any version of proton > 11.0.

This is due to a soft link in the .tar distribution that attempts to reference files outside of the sandbox used by distutils.

To reproduce:

1) clone https://github.com/kgiusti/pyngus
2) modify the setup.py file in the top directory:

--- a/setup.py
+++ b/setup.py
@@ -33,7 +33,7 @@ try:
 except ImportError:
     # this version of proton will download and install the proton shared
     # library as well:
-    _dependencies = ['python-qpid-proton>=0.9,<0.11']
+    _dependencies = ['python-qpid-proton>=0.9,<0.12']

3) create a virtual env:
   $ virtualenv PY27; source PY27/bin/activate
4) attempt to install pyngus
   $ python setup.py build install

The last step will fail at the point where it unpacks the proton source tarball.

After a bit of debugging, I've root caused the issue:

fetching http://www.apache.org/dist/qpid/proton/0.11.1/qpid-proton-0.11.1.tar.gz into build/bundled
SandboxViolation: symlink('../../../../../../tests/interop', 'build/bundled/qpid-proton-0.11.1/proton-c/bindings/go/src/qpid.apache.org/amqp/interop') {}

The package setup script has attempted to modify files on your system
that are not within the EasyInstall build area, and has been aborted.

The link does point at the top of the unpacked tar, but for some reason EasyInstall thinks it is outside the build tree.





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org